A technical blog post demonstrates how to bypass Deep Packet Inspection (DPI) using eBPF sock_ops to send fake TLS ClientHello packets with decoy SNI values, avoiding the need for VPNs or proxies. The method exploits DPI weaknesses by desynchronizing the inspection state through carefully timed low-TTL packets and TCP fragmentation. This provides a system-level, transparent solution for circumventing censorship or filtering middleboxes.
Background
Deep Packet Inspection (DPI) is commonly used by network operators to filter or block traffic based on content, often by inspecting TLS handshakes. eBPF is a Linux kernel technology that allows running sandboxed programs at various hooks in the kernel.
- Source
- Lobsters
- Published
- Apr 28, 2026 at 08:34 PM
- Score
- 7.0 / 10